Commit graph

5932 commits

Author SHA1 Message Date
Alistair Francis c3d9e15f02 target/riscv: Return the exception from invalid CSR accesses
When performing a CSR access let's return a negative exception value on
an error instead of -1. This will allow us to specify the exception in
future patches.

Backports 57cb2083e638bb28616c059cbf067d99552a04bb
2021-03-08 13:49:09 -05:00
Alistair Francis dd9f854edb target/riscv: Support the v0.6 Hypervisor extension CRSs
Backports 83028098f45a08da209799aeea4801c362d0afeb
2021-03-08 13:40:30 -05:00
Alistair Francis 8e3d241d2c target/riscv: Only support little endian guests
Backports 30f663b16f81d862256c7c71bc909d4588924d8c
2021-03-08 13:34:22 -05:00
Alistair Francis 12d33edea5 target/riscv: Only support a single VSXL length
Backports f8dc878efc45691be7e6c2019a19c271fb9aebbb
2021-03-08 13:33:38 -05:00
Alistair Francis 1551a961ba target/riscv: Update the CSRs to the v0.6 Hyp extension
Backports 543ba53157f9003eaa9b802d44c577c5814e232c
2021-03-08 13:33:03 -05:00
Alistair Francis bf52a9b17e target/riscv: Update the Hypervisor trap return/entry
Backports f2d5850f71f3e41b240f328c2bc844a4e44e66c9
2021-03-08 13:31:03 -05:00
Alistair Francis db749a279d target/riscv: Fix the interrupt cause code
Backports 84b1c04bbaf48798a535b38410a0bf839f4a1943
2021-03-08 13:28:11 -05:00
Alistair Francis a5311a267d target/riscv: Convert MSTATUS MTL to GVA
Backports 9034e90ad9959b89da32978e3b6d71b7069050a5
2021-03-08 13:26:31 -05:00
Alistair Francis 7ceb984b60 target/riscv: Don't allow guest to write to htinst
Backports e2eb5ca8f66c239f6194afda88cad455e42725ef
2021-03-08 13:22:51 -05:00
Alistair Francis 4972437f93 target/riscv: Allow generating hlv/hlvx/hsv instructions
Backports 8c5362acb573b8b1913238a5ddefdeef12f513a8
2021-03-08 13:13:32 -05:00
Alistair Francis a8bce9af7a target/riscv: Allow setting a two-stage lookup in the virt status
Backports 5a894dd7709f3b6a9f3e861dec71f78098bb3373
2021-03-08 12:49:16 -05:00
Zong Li 9792907bcf target/riscv: Change the TLB page size depends on PMP entries.
The minimum granularity of PMP is 4 bytes, it is small than 4KB page
size, therefore, the pmp checking would be ignored if its range doesn't
start from the alignment of one page. This patch detects the pmp entries
and sets the small page size to TLB if there is a PMP entry which cover
the page size.

Backports af3fc195e3c8e98b62eca3e4ee927f1965381dc3
2021-03-08 12:46:27 -05:00
Zong Li 2edba8fcfe target/riscv: Fix the translation of physical address
The real physical address should add the 12 bits page offset. It also
causes the PMP wrong checking due to the minimum granularity of PMP is
4 byte, but we always get the physical address which is 4KB alignment,
that means, we always use the start address of the page to check PMP for
all addresses which in the same page.

Backports 9ef82119b10d996cef63af679af5c1a7a85e6c19
2021-03-08 12:43:43 -05:00
Hou Weiying 55be7adad9 riscv: Fix bug in setting pmpcfg CSR for RISCV64
First, sizeof(target_ulong) equals to 4 on riscv32, so this change
does not change the function on riscv32. Second, sizeof(target_ulong)
equals to 8 on riscv64, and 'reg_index * 8 + i' is not a legal
pmp_index (we will explain later), which should be 'reg_index * 4 + i'.

If the parameter reg_index equals to 2 (means that we will change the
value of pmpcfg2, or the second pmpcfg on riscv64), then
pmpcfg_csr_write(env, 2, val) will map write tasks to
pmp_write_cfg(env, 2 * 8 + [0...7], val). However, no cfg csr is indexed
by value 16 or 23 on riscv64, so we consider it as a bug.

We are looking for constant (e.g., define a new constant named
RISCV_WORD_SIZE) in QEMU to help others understand code better,
but none was found. A possible good explanation of this literal is it is
the minimum word length on riscv is 4 bytes (32 bit).

Backports fdd33b86b20d153b131fc6259aea7a0084ab14b8
2021-03-08 12:42:12 -05:00
LIU Zhiwei cde007ccb6 target/riscv: check before allocating TCG temps
Backports ec80f8745931f0c8f8f2251e16bcc69170cf6f27
2021-03-08 12:41:19 -05:00
LIU Zhiwei 8fe29be764 target/riscv: Clean up fmv.w.x
Use tcg_gen_extu_tl_i64 to avoid the ifdef.

Backports 6e0229e63868b8b5bfcc54959cea227ed19f7bd3
2021-03-08 12:39:38 -05:00
Richard Henderson 3af34d3df4 target/riscv: Check nanboxed inputs in trans_rvf.inc.c
If a 32-bit input is not properly nanboxed, then the input is replaced
with the default qnan. The only inline expansion is for the sign-changing
set of instructions: FSGNJ.S, FSGNJX.S, FSGNJN.S.

Backports ffe70e4dfc9cf2a6934e674b81b69c847b403c4b
2021-03-08 12:38:15 -05:00
Richard Henderson ce54dfb4f7 target/riscv: Check nanboxed inputs to fp helpers
If a 32-bit input is not properly nanboxed, then the input is
replaced with the default qnan.

Backports 00e925c56074f8c4923a087e2eecea8a3315ea40
2021-03-08 12:31:18 -05:00
Richard Henderson f0bb9a7f39 target/riscv: Generate nanboxed results from trans_rvf.inc.c
Make sure that all results from inline single-precision scalar
operations are properly nan-boxed to 64-bits.

Backports 40eaa473611936445ae9c63841445cfa6e36840b
2021-03-08 12:26:49 -05:00
Richard Henderson 52f2d5cbee target/riscv: Generalize gen_nanbox_fpr to gen_nanbox_s
Do not depend on the RVD extension, take input and output via
TCGv_i64 instead of fpu regno. Move the function to translate.c
so that it can be used in multiple trans_*.inc.c files.

Backports d36a86d01e67792c51dd2a82360cda012bde9442
2021-03-08 12:24:20 -05:00
Richard Henderson adb4d9907a target/riscv: Generate nanboxed results from fp helpers
Make sure that all results from single-precision scalar helpers
are properly nan-boxed to 64-bits.

Backports 9921e3d3306c344aceeabe074d5bcaafcc6acafb
2021-03-08 12:21:58 -05:00
Thomas Huth 1a4d0973f0 target/riscv/vector_helper: Fix build on 32-bit big endian hosts
The code currently fails to compile on 32-bit big endian hosts:

 target/riscv/vector_helper.c: In function 'vext_clear':
 target/riscv/vector_helper.c:154:16: error: cast to pointer from integer
 of different size [-Werror=int-to-pointer-cast]
         memset((void *)((uintptr_t)tail & ~(7ULL)), 0, part1);
                ^
 target/riscv/vector_helper.c:155:16: error: cast to pointer from integer
 of different size [-Werror=int-to-pointer-cast]
         memset((void *)(((uintptr_t)tail + 8) & ~(7ULL)), 0, part2);
                ^
 cc1: all warnings being treated as errors

We should not use "long long" (i.e. 64-bit) values here to avoid the
problem. Switch to our QEMU_ALIGN_PTR_DOWN/UP macros instead.

Backports 35c7f5254b608c0694b11fc9f0d2c1a4ffb216b4
2021-03-08 12:18:39 -05:00
LIU Zhiwei 0f95c05ca4 target/riscv: fix vector index load/store constraints
Although not explicitly specified that the the destination
vector register groups cannot overlap the source vector register group,
it is still necessary.

And this constraint has been added to the v0.8 spec.

Backports 3e09396e36dff4234afd6f6fd51861949be383e1
2021-03-08 12:16:45 -05:00
LIU Zhiwei fdfa52f424 target/riscv: Quiet Coverity complains about vamo*
Backports eabfeb0cb9e054108b3e29a3a85363b3d80d9c38
2021-03-08 12:15:56 -05:00
Alexandre Mergnat cd956f5aa6 target/riscv: Fix pmp NA4 implementation
The end address calculation for NA4 mode is wrong because the address
used isn't shifted.

It doesn't watch 4 bytes but a huge range because the end address
calculation is wrong.

The solution is to use the shifted address calculated for start address
variable.

Modifications are tested on Zephyr OS userspace test suite which works
for other RISC-V boards (E31 and E34 core).

Backports cfad709bceb629a4ebeb5d8a3acd1871b9a6436b
2021-03-08 12:14:51 -05:00
Frank Chang b1e52b7958 target/riscv: fix vill bit index in vtype register
vill bit is at vtype[XLEN-1].

Backports fbcbafa2c1c33ae6630e7717f7f4141befb5b31a
2021-03-08 12:13:58 -05:00
Frank Chang 61d69c8175 target/riscv: fix return value of do_opivx_widen()
do_opivx_widen() should return false if check function returns false.

Backports a69f97c1110205bc173657c77ce2d16877cad683
2021-03-08 12:13:16 -05:00
Frank Chang 98982dbe49 target/riscv: correct the gvec IR called in gen_vec_rsub16_i64()
Backports 1989205c4e973bc7f9fac0ce0700993f30582538
2021-03-08 12:12:36 -05:00
Frank Chang d75c8e7fcf target/riscv: fix rsub gvec tcg_assert_listed_vecop assertion
gvec should provide vecop_list to avoid:
"tcg_tcg_assert_listed_vecop: code should not be reached bug" assertion.

Backports 7acafcfa844fd93f5ff073077007627338bd6739
2021-03-08 12:11:38 -05:00
Philippe Mathieu-Daudé 798ce750d5 target/arm/cpu: Update coding style to make checkpatch.pl happy
Backports dddc200dcddd1a4e44c32e2b0f5a3cb248c506a6
2021-03-08 11:35:28 -05:00
Peter Collingbourne de7bcbae57 target/arm: Use TCF0 and TFSRE0 for unprivileged tag checks
Section D6.7 of the ARM ARM states:

For the purpose of determining Tag Check Fault handling, unprivileged
load and store instructions are treated as if executed at EL0 when
executed at either:
- EL1, when the Effective value of PSTATE.UAO is 0.
- EL2, when both the Effective value of HCR_EL2.{E2H, TGE} is {1, 1}
and the Effective value of PSTATE.UAO is 0.

ARM has confirmed a defect in the pseudocode function
AArch64.TagCheckFault that makes it inconsistent with the above
wording. The remedy is to adjust references to PSTATE.EL in that
function to instead refer to AArch64.AccessUsesEL(acctype), so
that unprivileged instructions use SCTLR_EL1.TCF0 and TFSRE0_EL1.
The exception type for synchronous tag check faults remains unchanged.

This patch implements the described change by partially reverting
commits 50244cc76abc and cc97b0019bb5.

Backports 2d928adf8a9148510e1b2041145b8a873f4d26df
2021-03-08 11:34:03 -05:00
Richard Henderson 03c8d3ff00 target/arm: Speed up aarch64 TBL/TBX
Always perform one call instead of two for 16-byte operands.
Use byte loads/stores directly into the vector register file
instead of extractions and deposits to a 64-bit local variable.

In order to easily receive pointers into the vector register file,
convert the helper to the gvec out-of-line signature. Move the
helper into vec_helper.c, where it can make use of H1 and clear_tail.

Backports 519183d3fee58e52f7b51cf146c9dc9edc565059
2021-03-08 11:31:24 -05:00
Rebecca Cran 2e508af5d5 target/arm: Set ID_PFR2.SSBS to 1 for max 32-bit CPU
Enable FEAT_SSBS for the "max" 32-bit CPU.

Backports ed84a60ca80c403749c1fc1bab27c85d8edba39d
2021-03-08 11:27:02 -05:00
Rebecca Cran 0f7620f7cc target/arm: Enable FEAT_SSBS for max AARCH64 CPU
Set ID_AA64PFR1_EL1.SSBS to 2 and ID_PFR2.SSBS to 1.

Backports 89455d1ba6ed190e840cb732e63958755ea42a07
2021-03-08 11:26:20 -05:00
Rebecca Cran 01105515c7 target/arm: Add support for FEAT_SSBS, Speculative Store Bypass Safe
Add support for FEAT_SSBS. SSBS (Speculative Store Bypass Safe) is an
optional feature in ARMv8.0, and mandatory in ARMv8.5.

Backports f2f68a78b793808b84367bc708d632969d4440aa
2021-03-08 11:23:50 -05:00
Lioncash 23dc2fb4a2 target/riscv: Enable vector extensions 2021-03-08 11:18:36 -05:00
LIU Zhiwei dba0d32708 target/riscv: vector compress instruction
Backports 31bf42a26cf8b1e02f27acd302ee0ef14e877682
2021-03-07 12:47:46 -05:00
LIU Zhiwei a68f111390 target/riscv: vector register gather instruction
Backports e4b83d5c0928507cc27a0f613675b117db9993e4
2021-03-07 12:45:36 -05:00
LIU Zhiwei 162ae6efd7 target/riscv: vector slide instructions
Backports ec17e03688ce4d0ae188db6d90b185b92a9a2087
2021-03-07 12:43:14 -05:00
LIU Zhiwei 0e0ac052cd target/riscv: floating-point scalar move instructions
Backports 2843420a562c107801bae20f74579e4fe540316f
2021-03-07 12:41:23 -05:00
LIU Zhiwei b75de9504c target/riscv: integer scalar move instruction
Backports 9fc08be626a96ae1ac0cffb22f30ae652c1c645a
2021-03-07 12:38:41 -05:00
LIU Zhiwei d61c1e91a8 target/riscv: integer extract instruction
Backports 90355f391d979ccd95d09ab42f647f103a3dbe69
2021-03-07 12:36:01 -05:00
LIU Zhiwei 5ff1871e32 target/riscv: vector element index instruction
Backports 126bec3f6ff3379e1a49f4a7d36922bfd079a3cc
2021-03-07 12:29:13 -05:00
LIU Zhiwei 2f7cdaee7b target/riscv: vector iota instruction
Backports 78d90cfe859c8f5bd7baa0d41a4b5126e08eac24
2021-03-07 12:27:10 -05:00
LIU Zhiwei ec24e09ce7 target/riscv: set-X-first mask bit
Backports 81fbf7daf2eccadd6480b90db95a2e8c410d4414
2021-03-07 12:25:09 -05:00
LIU Zhiwei 92d5ce9b66 target/riscv: vmfirst find-first-set mask bit
Backports 0db67e1c0c49011eb09c4f5b790eef15a2b4c351
2021-03-07 12:22:13 -05:00
LIU Zhiwei 782835889c target/riscv: vector mask population count vmpopc
Backports 2e88f551df8fe6af81c0f920b7341ae2c75d00f2
2021-03-07 12:20:01 -05:00
LIU Zhiwei 68765e92c0 target/riscv: vector mask-register logical instructions
c21f34aebfb15c112131e36f425986170a3fcae9
2021-03-07 12:16:44 -05:00
LIU Zhiwei 4cbb4ae73d target/riscv: vector widening floating-point reduction instructions
Backports 696b0c260a0312c865cd0e4a8f09d0b9f13b07c9
2021-03-07 12:12:49 -05:00
LIU Zhiwei ebe125af76 target/riscv: vector single-width floating-point reduction instructions
Backports 523547f19e3914f11543e2da03907c724f15cd5e
2021-03-07 12:11:01 -05:00
LIU Zhiwei 798c1682f8 target/riscv: vector wideing integer reduction instructions
Backports bba718200b2d2aac6ab5031817f7125571c983a1
2021-03-07 12:09:15 -05:00
LIU Zhiwei 4b1e548fd0 target/riscv: vector single-width integer reduction instructions
Backports fe5c9ab1fc185e96bf7e034954127429ca74d386
2021-03-07 12:07:51 -05:00
LIU Zhiwei e925927e23 target/riscv: narrowing floating-point/integer type-convert instructions
Backports 878d406ec28f945d262af4ffbea50b825d7a0825
2021-03-07 12:05:59 -05:00
LIU Zhiwei 0c80c49b1b target/riscv: widening floating-point/integer type-convert instructions
Backports 4514b7b12390525e59e335e7ca58fd44f6e69272
2021-03-07 12:02:56 -05:00
LIU Zhiwei 8b06759ba4 target/riscv: vector floating-point/integer type-convert instructions
Backports 921009732614fd620c75f05496597796719544cf
2021-03-07 12:00:36 -05:00
LIU Zhiwei fabc8bab77 target/riscv: vector floating-point merge instructions
Backports 64ab5846974140118c64e4d94ff2696932a0a58b
2021-03-07 11:58:41 -05:00
LIU Zhiwei f9c9716534 target/riscv: vector floating-point classify instructions
Backports 121ddbb36f17d24a7f39d6024d9b3145d154a98c
2021-03-07 11:55:45 -05:00
LIU Zhiwei b859be12b9 target/riscv: vector floating-point compare instructions
Backports 2a68e9e568faddf4d689a37fa6895bcb8404a677
2021-03-07 11:47:51 -05:00
LIU Zhiwei 31978f270b target/riscv: vector floating-point sign-injection instructions
Backports 1d426b81f71eeeb1cbfec76c2f27ed0495719fb0
2021-03-07 11:43:47 -05:00
LIU Zhiwei f7f0425a4d target/riscv: vector floating-point min/max instructions
Backports 230b53ddd706c8b18a6d9beed1a0153b276d7037
2021-03-07 11:42:05 -05:00
LIU Zhiwei 69c73cfc4e target/riscv: vector floating-point square-root instruction
Backports d9e4ce72a5a0f7c404156d40d3252d4d6a9d6a36
2021-03-07 11:40:04 -05:00
LIU Zhiwei 95a6d78121 target/riscv: vector widening floating-point fused multiply-add instructions
Backports 0dd509594fbd53fc9c3edc79bd7a575f079c3c87
2021-03-07 11:37:23 -05:00
LIU Zhiwei 42116609f0 target/riscv: vector single-width floating-point fused multiply-add instructions
Backports 4aa5a8fed4a21fe2e132a9a21b251aa95e19de80
2021-03-07 11:34:56 -05:00
LIU Zhiwei 14cbabde4f target/riscv: vector widening floating-point multiply
Backports f7c7b7cd293ca6f14f23cc2c14d6d23fc47a604d
2021-03-07 11:32:19 -05:00
LIU Zhiwei 5e4b142c31 target/riscv: vector single-width floating-point multiply/divide instructions
Backports 0e0057cbe2169195a08ae8247504e69f9b80542b
2021-03-07 11:30:14 -05:00
LIU Zhiwei 0de56731ae target/riscv: vector widening floating-point add/subtract instructions
eeffab2ec1b332a5eb2d2dcd2732cdb57179c6eb
2021-03-07 11:27:33 -05:00
LIU Zhiwei 06092b88b9 target/riscv: vector single-width floating-point add/subtract instructions
Backports ce2a0343f441f0ee949690eabae5ab600397e2eb
2021-03-05 09:50:56 -05:00
LIU Zhiwei 5fb589cdd7 target/riscv: vector narrowing fixed-point clip instructions
Backports 9ff3d28739b760970f5e542c74a033470dca3f9b
2021-03-05 09:34:11 -05:00
LIU Zhiwei 241deddb50 target/riscv: vector single-width scaling shift instructions
Backports 04a614062dd5fb43f00bd955f44f7a2c3def016d
2021-03-05 09:32:15 -05:00
LIU Zhiwei e7582a5d74 target/riscv: vector widening saturating scaled multiply-add
Backports 0a1eaf0036442b2bfa69df7fad9a5f1d6a4984f2
2021-03-05 09:29:42 -05:00
LIU Zhiwei e27aadfa4f target/riscv: vector single-width fractional multiply with rounding and saturation
Backports 9f0ff9e51480f8f1d2d7a62b11aa156fcdb4ef95
2021-03-05 09:26:56 -05:00
LIU Zhiwei 2343892c2e target/riscv: vector single-width averaging add and subtract
Backports b7aee4819206cbb7adfdb624d4f2fa9918c25d43
2021-03-05 09:25:09 -05:00
LIU Zhiwei 87db3eb130 target/riscv: vector single-width saturating add and subtract
Backports eb2650e35ec1ed60ff302ce3330bd6c770640833
2021-03-05 09:23:17 -05:00
LIU Zhiwei 025aa6fd39 target/riscv: vector integer merge and move instructions
Backports 	f020a7a14505d6996497693e63331ab609847d93
2021-03-05 09:20:34 -05:00
LIU Zhiwei 9d14cc8d35 target/riscv: vector widening integer multiply-add instructions
Backports 2b587b335050dbc0cb3823758341f145c0375312
2021-03-05 09:13:03 -05:00
LIU Zhiwei 58891e213d target/riscv: vector single-width integer multiply-add instructions
Backports 54df813a331d3badfb83604c36bef7cb1de4315a
2021-03-05 09:11:33 -05:00
LIU Zhiwei 436e092e36 target/riscv: vector widening integer multiply instructions
Backports 97b1cba39967251ab78b9d52fd9a4c62bb42d428
2021-03-05 09:09:08 -05:00
LIU Zhiwei d144afdc45 target/riscv: vector integer divide instructions
Backports 85e6658cfe9d71cc207a710ffdf0e6546f8612aa
2021-03-05 09:05:00 -05:00
Lioncash 14d06ee38c sparc: Fix build 2021-03-05 08:54:43 -05:00
Lioncash 704353c758 mips: Fix build 2021-03-05 08:51:51 -05:00
Lioncash dec4c70142 i386: Fix build 2021-03-05 08:35:14 -05:00
Lioncash 5436b713ce m68k: Fix build
A bunch of changes to the memory functions recently broke the build.
This fixes it.
2021-03-05 08:29:53 -05:00
Zheng Zhan Liang dfd53d7573 tcg/i386: rdpmc: fix the the condtions
Backports c45b426acd1ad8e30fbe1b9af8c07b2889c28c6b
2021-03-04 18:50:48 -05:00
Chenyi Qiang d7adcf1d7f target/i386: Add bus lock debug exception support
Bus lock debug exception is a feature that can notify the kernel by
generate an #DB trap after the instruction acquires a bus lock when
CPL>0. This allows the kernel to enforce user application throttling or
mitigations.

This feature is enumerated via CPUID.(EAX=7,ECX=0).ECX[bit 24].

Backports 06e878b413766778a53be3d25c0373a23679d039
2021-03-04 18:50:00 -05:00
Richard Henderson d044062b26 target/arm: Enable MTE for user-only
Backports e32328645ed6fc4f20f0164dfc9ce1bf7e667cc4
2021-03-04 18:46:47 -05:00
Richard Henderson c588c150e4 target/arm: Add allocation tag storage for user mode
Use the now-saved PAGE_ANON and PAGE_MTE bits,
and the per-page saved data.

Backports a11d3830d96ad8077440ce4e0aa60608f1f12dde
2021-03-04 18:46:13 -05:00
Richard Henderson f03656b5c3 target/arm: Split out syndrome.h from internals.h
Move everything related to syndromes to a new file,
which can be shared with linux-user.

Backports 1fe27859427bd377a45708310947de54c687d9ff
2021-03-04 18:44:07 -05:00
Richard Henderson 84368d2d6d target/arm: Use the proper TBI settings for linux-user
We were fudging TBI1 enabled to speed up the generated code.
Now that we've improved the code generation, remove this.
Also, tidy the comment to reflect the current code.

The pauth test was testing a kernel address (-1) and making
incorrect assumptions about TBI1; stick to userland addresses.

Backports 16c849784873d10d0da257d698e391fddea1f0e4
2021-03-04 18:41:49 -05:00
Richard Henderson de982a8346 target/arm: Improve gen_top_byte_ignore
Use simple arithmetic instead of a conditional
move when tbi0 != tbi1.

Backports 2169b5c6f7a791ef9c43c72412efaafae3245114
2021-03-04 18:39:43 -05:00
Peter Maydell ab07f048d8 bswap.h: Remove unused float-access functions
The float-access functions stfl_*, stfq*, ldfl* and ldfq* are now
unused; remove them. (Accesses to float64 and float32 types can be
made with the ldl/stl/ldq/stq functions, as float64 and float32 are
guaranteed to be typedefs for normal integer types.)

Backports f930224fffead81e23e699517d1351e33890b6f7
2021-03-04 18:37:02 -05:00
Daniel Müller 642a683d7a target/arm: Correctly initialize MDCR_EL2.HPMN
When working with performance monitoring counters, we look at
MDCR_EL2.HPMN as part of the check whether a counter is enabled. This
check fails, because MDCR_EL2.HPMN is reset to 0, meaning that no
counters are "enabled" for < EL2.
That's in violation of the Arm specification, which states that

> On a Warm reset, this field [MDCR_EL2.HPMN] resets to the value in
> PMCR_EL0.N

That's also what a comment in the code acknowledges, but the necessary
adjustment seems to have been forgotten when support for more counters
was added.
This change fixes the issue by setting the reset value to PMCR.N, which
is four.

Backports d3c1183ffeb71ca3a783eae3d7e1c51e71e8a621
2021-03-04 18:34:06 -05:00
Peter Maydell 2c926832bb accel/tcg: Add URL of clang bug to comment about our workaround
In cpu_exec() we have a longstanding workaround for compilers which
do not correctly implement the part of the sigsetjmp()/siglongjmp()
spec which requires that local variables which are not changed
between the setjmp and the longjmp retain their value.

I recently ran across the upstream clang bug report for this; add a
link to it to the comment describing the workaround, and generally
expand the comment, so that we have a reasonable chance in future of
understanding why it's there and determining when we can remove it,
assuming clang eventually fixes the bug.

Remove the /* buggy compiler */ comments on the #else and #endif:
they don't add anything to understanding and are somewhat misleading
since they're sandwiching the code path for *non*-buggy compilers.

Backports e6a41a045c298538d303cd8fe8d7ae29a0c066ad
2021-03-04 18:32:51 -05:00
Rebecca Cran 93b0428f48 target/arm: Set ID_PFR0.DIT to 1 for max 32-bit CPU
Enable FEAT_DIT for the "max" 32-bit CPU.

Backports 5385320c2b3183f2e18dbc55c23ecba9272500c2
2021-03-04 18:31:36 -05:00
Rebecca Cran 66d96057a4 target/arm: Set ID_AA64PFR0.DIT and ID_PFR0.DIT to 1 for max AA64 CPU
Enable FEAT_DIT for the "max" AARCH64 CPU.

Backports 2bf1eff9e9125a3d73901991dcfb9cb2ace03be1
2021-03-04 18:30:59 -05:00
Rebecca Cran f7424d89e2 target/arm: Support AA32 DIT by moving PSTATE_SS from cpsr into env->pstate
cpsr has been treated as being the same as spsr, but it isn't.
Since PSTATE_SS isn't in cpsr, remove it and move it into env->pstate.

This allows us to add support for CPSR_DIT, adding helper functions
to merge SPSR_ELx to and from CPSR.

Backports f944a854ce4007000accf7c191b5b52916947198
2021-03-04 18:24:57 -05:00
Rebecca Cran d8458f14af target/arm: Add support for FEAT_DIT, Data Independent Timing
Add support for FEAT_DIT. DIT (Data Independent Timing) is a required
feature for ARMv8.4. Since virtual machine execution is largely
nondeterministic and TCG is outside of the security domain, it's
implemented as a NOP.

Backports dc8b18534ea1dcc90d80ad9a61a3b0aa7eb312fb
2021-03-04 18:19:32 -05:00
Mike Nawrocki 4e482764e2 target/arm: Fix SCR RES1 handling
The FW and AW bits of SCR_EL3 are RES1 only in some contexts. Force them
to 1 only when there is no support for AArch32 at EL1 or above.

The reset value will be 0x30 only if the CPU is AArch64-only; if there
is support for AArch32 at EL1 or above, it will be reset to 0.

Also adds helper function isar_feature_aa64_aa32_el1 to check if AArch32
is supported at EL1 or above.

Backports 10d0ef3e6cfe228df4b2d3e27325f1b0e2b71fd5
2021-03-04 18:15:39 -05:00
Chenyi Qiang 807d541e19 target/i386: Expose VMX entry/exit load pkrs control bits
Expose the VMX exit/entry load pkrs control bits in
VMX_TRUE_EXIT_CTLS/VMX_TRUE_ENTRY_CTLS MSRs to guest, which supports the
PKS in nested VM.

Backports 52a44ad2b92ba4cd81c2b271cd5e4a2d820e91fc
2021-03-04 18:13:36 -05:00
Paolo Bonzini 834e2b2643 target/i86: implement PKS
Protection Keys for Supervisor-mode pages is a simple extension of
the PKU feature that QEMU already implements. For supervisor-mode
pages, protection key restrictions come from a new MSR. The MSR
has no XSAVE state associated to it.

PKS is only respected in long mode. However, in principle it is
possible to set the MSR even outside long mode, and in fact
even the XSAVE state for PKRU could be set outside long mode
using XRSTOR. So do not limit the migration subsections for
PKRU and PKRS to long mode.

Backports e7e7bdababeefff10736c6adf410c66d2f0d46fe
2021-03-04 18:12:44 -05:00
David Greenaway 0c1c359b5c target/i386: Fix decoding of certain BMI instructions
This patch fixes a translation bug for a subset of x86 BMI instructions
such as the following:

c4 e2 f9 f7 c0 shlxq %rax, %rax, %rax

Currently, these incorrectly generate an undefined instruction exception
when SSE is disabled via CR4, while instructions like "shrxq" work fine.

The problem appears to be related to BMI instructions encoded using VEX
and with a mandatory prefix of "0x66" (data). Instructions with this
data prefix (such as shlxq) are currently rejected. Instructions with
other mandatory prefixes (such as shrxq) translate as expected.

This patch removes the incorrect check in "gen_sse" that causes the
exception to be generated. For the non-BMI cases, the check is
redundant: prefixes are already checked at line 3696.

Buglink: https://bugs.launchpad.net/qemu/+bug/1748296

Backports 51909241d26fe6fe18a08def93ccc8273f61a8b3
2021-03-04 18:08:47 -05:00